2 matches found
CVE-2024-12322
CVE-2024-12322 : The PerfectWedding.nl Widget for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 2.8 due to missing/incorrect nonce validation on the update_option path. This permits unauthenticated attackers to modify the tpwKey option, enabling stored XSS whe...
CVE-2024-12322 ThePerfectWedding.nl Widget <= 2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the 'updateoption' function. This makes it possible for unauthenticated attackers to update the...